Details of VAR-201711-0308

ID

VAR-201711-0308

CVE

CVE-2017-12279

TITLE

Cisco Aironet For access point Cisco IOS Information disclosure vulnerability in software

Trust: 0.8

sources: JVNDB: JVNDB-2017-009842

DESCRIPTION

A vulnerability in the packet processing code of Cisco IOS Software for Cisco Aironet Access Points could allow an unauthenticated, adjacent attacker to retrieve content from memory on an affected device, which could lead to the disclosure of confidential information. The vulnerability is due to insufficient condition checks that are performed by the affected device when the device adds padding to egress packets. An attacker could exploit this vulnerability by sending a crafted IP packet to an affected device. A successful exploit could allow the attacker to retrieve content from memory on the affected device, which could lead to the disclosure of confidential information. Cisco Bug IDs: CSCvc21581. Vendors have confirmed this vulnerability Bug ID CSCvc21581 It is released as.Information may be obtained. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. IOS Software is one of the dedicated operating systems for network devices

Trust: 1.98

sources: NVD: CVE-2017-12279 // JVNDB: JVNDB-2017-009842 // BID: 101643 // VULHUB: VHN-102785

AFFECTED PRODUCTS

vendor:	cisco	model:	aironet ap	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	aironet access point software	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios software	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	aironet series 15.3 jd	scope:	eq	version:	3700	Trust: 0.3
vendor:	cisco	model:	aironet series 15.3 jf	scope:	ne	version:	3700	Trust: 0.3
vendor:	cisco	model:	aironet series 15.3 je	scope:	ne	version:	3700	Trust: 0.3
vendor:	cisco	model:	aironet series 15.3 jd7	scope:	ne	version:	3700	Trust: 0.3
vendor:	cisco	model:	aironet series 15.3 jd5	scope:	ne	version:	3700	Trust: 0.3
vendor:	cisco	model:	aironet series 15.3 ja11	scope:	ne	version:	3700	Trust: 0.3

sources: BID: 101643 // JVNDB: JVNDB-2017-009842 // CNNVD: CNNVD-201711-074 // NVD: CVE-2017-12279

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-12279
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-12279
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201711-074
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-102785
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2017-12279
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-102785
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-12279
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-102785 // JVNDB: JVNDB-2017-009842 // CNNVD: CNNVD-201711-074 // NVD: CVE-2017-12279

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-102785 // JVNDB: JVNDB-2017-009842 // NVD: CVE-2017-12279

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201711-074

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201711-074

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009842

PATCH

title:	cisco-sa-20171101-iosap	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-iosap	Trust: 0.8
title:	Cisco Aironet Access Points IOS Software Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76078	Trust: 0.6

sources: JVNDB: JVNDB-2017-009842 // CNNVD: CNNVD-201711-074

EXTERNAL IDS

db:	NVD	id:	CVE-2017-12279	Trust: 2.8
db:	BID	id:	101643	Trust: 2.0
db:	SECTRACK	id:	1039720	Trust: 1.7
db:	JVNDB	id:	JVNDB-2017-009842	Trust: 0.8
db:	CNNVD	id:	CNNVD-201711-074	Trust: 0.7
db:	VULHUB	id:	VHN-102785	Trust: 0.1

sources: VULHUB: VHN-102785 // BID: 101643 // JVNDB: JVNDB-2017-009842 // CNNVD: CNNVD-201711-074 // NVD: CVE-2017-12279

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171101-iosap	Trust: 2.0
url:	http://www.securityfocus.com/bid/101643	Trust: 1.7
url:	http://www.securitytracker.com/id/1039720	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12279	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-12279	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-102785 // BID: 101643 // JVNDB: JVNDB-2017-009842 // CNNVD: CNNVD-201711-074 // NVD: CVE-2017-12279

CREDITS

Cisco.

Trust: 0.3

sources: BID: 101643

SOURCES

db:	VULHUB	id:	VHN-102785
db:	BID	id:	101643
db:	JVNDB	id:	JVNDB-2017-009842
db:	CNNVD	id:	CNNVD-201711-074
db:	NVD	id:	CVE-2017-12279

LAST UPDATE DATE

2025-04-20T23:29:32.039000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-102785	date:	2019-10-09T00:00:00
db:	BID	id:	101643	date:	2017-12-19T22:00:00
db:	JVNDB	id:	JVNDB-2017-009842	date:	2017-11-24T00:00:00
db:	CNNVD	id:	CNNVD-201711-074	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-12279	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-102785	date:	2017-11-02T00:00:00
db:	BID	id:	101643	date:	2017-11-01T00:00:00
db:	JVNDB	id:	JVNDB-2017-009842	date:	2017-11-24T00:00:00
db:	CNNVD	id:	CNNVD-201711-074	date:	2017-11-03T00:00:00
db:	NVD	id:	CVE-2017-12279	date:	2017-11-02T16:29:00.537